Highlights

Also on KPMG.com

When companies go too far

Let’s imagine you are about to buy the latest top-of-the range, high-connectivity TV set. What if the brand offered you a hefty discount if you allowed it to collect data on what you watched? Seems harmless enough. Now what about that new expensive comprehensive fitness tracker? Half-price if the manufacturer can collect your data? Deal! But now that your private health data is no longer exclusive to you, how do you know it won’t be sold on to interested parties? Insurance companies? Banks? Your employers, present and potential? We need to talk about this…

The pace of development in data collection technology has been so rapid that it has left companies trailing in its wake when it comes to assessing how all this personal data is stored and used. But where the public were once happy to go along with promises of better, more personalised services, now opinion is changing as they discover their privacy is not so private any more. Scary headlines and prophesies of a Truman Show-esque world where our every move is subject to scrutiny and analysis are all too common, and brands now risk serious damage if the data they collect is breached or misused.

“Society has barely begun to address the moral and legal questions of what is private and what is public in this era of big data”

“Society has barely begun to address the moral and legal questions of what is private and what is public in this era of big data,” says Mark Thompson, Global Privacy Lead at KPMG International. “Misjudging consumer attitudes threatens mass switch-offs from consumers who feel their privacy is being violated. Very few companies are asking themselves whether they are handling customer information in a morally and legally sound way. It’s time they did.”

Consumer concerns

An extensive new global consumer survey, Crossing the line? Staying on the right side of consumer privacy (KPMG Privacy Advisory, October 2016), reveals that, on average globally, 56% of people are “concerned” or “extremely concerned” about the way companies handle and use their personal data.

Fears aren’t confined to identity theft and fraud. There is a growing sense that citizens are under surveillance: that their phones and web browsers may be recording information about them when they are least aware of it. Although many consumers have tolerated this intrusion as the price of convenience and a more tailored offering, many more are beginning to question whether the end justifies the means.

For organisations collecting and handling the data, consumer information is a rich source of competitive advantage. But it can also be a substantial risk if they lose or abuse it. There are heavy regulatory and legal consequences if they do not safeguard it properly, and punitive reputational consequences if mistreatment undermines customer confidence.

While over half of all participants were happy to share basic personal data about gender, education and ethnicity online, 55% had let worries about privacy stop them from buying something online. Consumers in most countries considered control over privacy to be more important than convenience, and there was general unease with online shopping data being sold to third parties.

More than two-thirds of people were uncomfortable with smartphone and tablet apps using their personal data, and high numbers of respondents felt that social media sites and gaming and entertainment companies asked for unjustified levels of personal information.

“Misjudging consumer attitudes threatens mass switch-offs from consumers who feel their privacy is being violated"

Being in control

Much of consumers’ wariness is down to a feeling of loss of control. In particular, consumers feel data is being gathered without their conscious approval – and often without their knowledge. To find that there is suddenly a direct correlation between the content of private emails or contained social media activity, and the online ads being served up to them, makes people feel they are being snooped on. Nor do they like the idea that it is up to consumers to read the small print and protect themselves; that their personal disclosures are fair game unless they have opted out.

Where consumers are aware of data being gathered, they are more likely to accept it if organisations are transparent about the practice, the benefits are clear – and in the consumer’s interest. This is reflected in consumers’ attitudes to different markets. Data treatment is more likely to be trusted in banking (41% felt happier about privacy here), health provision (39%), law enforcement (36%) and local government (33%). Consumers are least likely to trust supermarkets (17%), gaming companies (14%), retailers (14%) and social media brands (13%) with their data.

The more self-serving data collection is seen to be for a company, the more cagey consumers are. For example, while more than three-quarters of consumers (78%) find the use of telematics devices acceptable for enabling emergency services to track a vehicle, the same proportion resist the idea of personalized electronic billboards.

And while 67% could accept smart energy meters transmitting usage information, 63% would object to a taxi company buying their geolocation data so it could propose a cab ride as they get off the train.

The trade-offs between supplier and consumer are intriguing. Some consumers are more amenable to data-sharing if offered an incentive. Almost half (48%) said they would accept a technology company tracking their tablet use if the device had been provided for free. Similarly, 46% said they would allow their viewing habits to be monitored if they got a discount on a new TV.

And just as 49% accepted the justification of collecting emails and browsing history to help law enforcement prevent terrorism, 45% would be willing for an insurance company to pass driving information, captured by telematics, to the police if it meant they benefited from lower insurance costs. Where there is no perceived gain to the consumer, tolerance quickly drops: 84% object to mobile apps accessing their contacts, photos and browsing history; 82% dislike the idea of online retailers selling on their data to third parties; and 68% are put off by online ads that exploit private email content to improve targeting.

Need for transparency

The lesson for organisations seeking to harness personal data is the importance of discreet strategies and clear intentions.

“Companies must act with more discretion when collecting personal data from areas consumers regard as more sensitive, if they wish to retain their trust,” says KPMG’s Thompson. “While some may still count the exchange of personal data for services as a price worth paying, others will work harder to hold on to their personal data.”

As organisations hone their data privacy plans, they may need to offer greater incentives to consumers. “A price difference at the point of purchase would openly acknowledge personal data collection,” says Greg Bell, Global Cyber Security co-leader at KPMG International. “Currently, consumers have to choose whether to use a service based on a long and complicated set of terms and conditions that almost nobody reads.”

Making it easier for consumers to see what they are signing up to is important in reducing risk. “A simple, regulated traffic light system is another potential solution,” Bell suggests. “A website that sells on all personal data would come up as red, for example.

“Early indications are that greater transparency and control leads to more open sharing on the part of consumers,” he adds. “In an experiment in Italy, hundreds of families used an open sharing system where their information was stored in a secure way and they could control who accessed it. Because the families had confidence in the system, they ended up sharing a lot more information.

“Personal data is the fuel of our future economy – a source of revenue and driver of prosperity – so it is absolutely vital that organizations get on top of this.”